
Secure upload without account in remote server (scp)

Developer https://www.devze.com 2023-01-30 13:04 Source: Internet

I'm looking for some way to build a certain script.

  • There are some (Linux) users A, B and C who scan images to $HOME/images/scan
  • They should upload those pics to the remote server where they don't have accounts.
  • Therefore there is a virtual user X, who has an account on the local and remote machines, but who has no direct access to the users' home directories.
  • They all have a common group "images" and each user's scan directory is readable for this group.

So I want to find a way for users to run a script which uploads pics to the remote server using X's permissions and account on the remote server. I made an rsa-key for that and it is added to the remote server's authorized keys file. For user X everything works.

I tried some setgid/setuid perl-scripts, but they can't run scp with user X's rights and they don't use its rsa-key either. Something like this example:

#!/usr/bin/perl

use strict;
use warnings;
use Net::SCP qw( scp iscp );
my $scp = Net::SCP -> new( '192.168.1.3', 'X' );
$scp->put( 'file.jpg' ) or die $scp->{errstr};

So I'm looking for other ways to satisfy my needs.

Thank you in advance!

All the best,

WK


You shouldn't need user X on the local machine. The user and password (or RSA key) is for accessing the remote machine only, nothing to do with the local machine.

I'm not familiar with Net::SCP but I am familiar with the Unix scp command and it works like this:

I am user A. I want to copy a file to machine M using account X. I type:

scp my_local_file.ext X@M:/path/to/file/my_file.ext

As long as I have read permissions on my_local_file.ext, and user X has write permissions to directory /path/to/file/ on machine M, and the authentication all goes ok, then everything is fine.

If you have it working for user X then it sounds like you've basically solved the problem. All you have to do is put the RSA key in the right place on the local machine for users A, B, and C, and just run the script as user A, B, or C.

There may be some complications about the way the RSA key is set up for user A given that you will be logging in as user X.


Having said all that, it does rather sound as if what you really need is an ftp or sftp server on the remote machine. It's possible to configure FTP to allow anonymous or unrestricted access to certain areas for upload and/or download.


I finally turned the problem over: I let the user ask the server through a web client (with user X's permissions) to get files from the local machines to the server.
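
One way to let A, B and C upload with X's rights without any of them holding X's key, as an added example that is not part of the original posts: a wrapper run through sudo that accepts only image files inside a scan directory. The sudoers rule, install path, remote directory, key location and extension list are assumptions, as is X being able to traverse the home directories to reach the group-readable scan directories.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path: /usr/local/bin/upload-scan
# Assumed sudoers rule (edit with visudo), so only this script runs with X's rights:
#   %images ALL=(X) NOPASSWD: /usr/local/bin/upload-scan
# A, B and C then run: sudo -u X /usr/local/bin/upload-scan "$HOME/images/scan/page1.jpg"

SCAN_ROOT=/home                 # assumed parent of the users' home directories
REMOTE=X@192.168.1.3            # account and host from the question
REMOTE_DIR=incoming/            # hypothetical upload directory on the server
KEY=/home/X/.ssh/id_rsa         # assumed location of X's key, mode 0600, owner X

# Print the canonical path if FILE ($2) is a regular image file directly inside
# ROOT/<user>/images/scan/ ($1 is ROOT); return 1 for anything else.
valid_scan_path() {
    root=$(readlink -f -- "$1") || return 1
    real=$(readlink -f -- "$2" 2>/dev/null) || return 1   # resolves symlinks and ".."
    [ -f "$real" ] || return 1
    rel=${real#"$root"/}
    [ "$rel" != "$real" ] || return 1         # outside ROOT
    user=${rel%%/*}
    name=${rel#"$user"/images/scan/}
    [ "$name" != "$rel" ] || return 1         # not in <user>/images/scan/
    case "$name" in
        */*|.*) return 1 ;;                   # no subdirectories, no dotfiles
        *.jpg|*.jpeg|*.png|*.tif|*.tiff) ;;   # assumed scan formats
        *) return 1 ;;
    esac
    printf '%s\n' "$real"
}

# Validate first, then copy with X's key; -B keeps scp from prompting.
upload_scan() {
    file=$(valid_scan_path "$SCAN_ROOT" "$1") || {
        echo "upload-scan: rejected $1" >&2
        return 1
    }
    scp -q -B -i "$KEY" -o IdentitiesOnly=yes "$file" "$REMOTE:$REMOTE_DIR"
}

if [ "$#" -gt 0 ]; then
    upload_scan "$1"
fi
```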
